#NSBCS.061 - From the Desk of the CEO | Your Office Needs You! (does it really?)

Source: NSB Cyber

 

Your Office Needs You! (does it really?)

There is so much commentary about return to office mandates. Every other week there is an article in the media about another Aussie company mandating full-time return to the office, or if not full-time return, then micro-managing hybrid routines to the point where they are contradictory to their actual intent - flexibility. So for my first From the Desk of the CEO blog for 2025 I thought, why not enter the debate. So here we go.

My headline position is this - treat adults like adults. I closely follow this with - trust the people you chose to hire in the first place, to do what you hired them to do. And finally, I close my position with - focus on culture (I mean really focus on it, rather than using it as an excuse).

Let me explain.

Last time I checked, life is complicated. Becoming an adult comes with responsibility, and this changes over time. Our work life has injected itself so heavily into our lives (via technology) that we have been forced to make trade-offs, sacrifices and concessions to be “successful”, which lets more of the work in. This makes meeting the rest of our adult responsibilities harder because we just have less time. Don’t get me wrong, I love technology and how connected and available I can be. What I don’t like is antiquated thinking that has not evolved at the speed that our embrace of technology has. That seems conveniently very one-sided to me.

So if we hire adults that we trust, knowing they have responsibilities that will evolve over time which will often be unique to them, then why do we not trust them enough to approach their work with diligence and integrity, and in a manner that works well for them and for us? I think Jack Black did it best in School of Rock. Everyone starts with an A, it is up to you if you keep it by the end of term.

And then there is culture, the trickiest part of the puzzle. Culture is harder. That doesn’t make it impossible. Remember, great things only happen when you are outside of your comfort zone. Culture requires open-mindedness and modernisation of thought from courageous leaders. We do not work the same way we used to. We do not live the same way we used to. Fact. When I was a kid, my Dad worked in a garage as a mechanic and my Mum was a payroll clerk. All of their work happened at work and none of it came home. That is pretty rare these days. Now, in so many professions, our work comes with us everywhere. So why can’t our life come with us everywhere too? Why is it so offensive to some managers and leaders that an employee would get a haircut mid-afternoon on a Wednesday (as an example)? I guarantee you that if they had invested in building the right culture, then that employee would have got their work done around that appointment by starting earlier, finishing later or just by being more productive to buy themselves a bit of extra time to get a fresh fade.

So why are we so scared to treat adults like adults, and trust them to do the job we hired them to do? And why does the best work only happen if we spend hours commuting to sit in an office to build a fabricated “culture”?

The answer is complicated, I concede. My two cents is this. Don’t be scared of change, take time to understand it and embrace what works best for your business. For the difficult decisions, default in favour of the human, rather than the business. For so long the odds have been in favour of the business. We need to even the ledger. Truly commit to flexibility, without question or judgement. Trust your adults to be excellent at their jobs, otherwise why did you hire them in the first place? Make it easy for people. Give them a place to work if they prefer the office, or make sure they have an ability to work at home if they prefer that, or a raft of variations to this. Allow your culture to find its happy point, where it does its best work. Don’t develop a flexible work arrangement that is so rigid that it is no longer flexible. Be less prescriptive and more adaptive. Measure success by outcomes and not by the method of execution. Let people live their lives and reward them with a great job that believes in them and lets them bring their best self to work.

We have a saying at NSB Cyber, part of the fabric of our business. Work from wherever, whenever, wearing whatever, just make the work amazing and the customer experience faultless.

Easy? No, of course not. But if you don’t even try, then that says more about your culture than cupcakes in the office every Friday.

#nostepsbackward

What we read this week

  • International Sweep Nabs Phobos Ransomware Hackers, Seizes 8Base Dark Web - In a global law enforcement operation code-named "Phobos Aetor," four suspected Phobos ransomware hackers have been arrested in Phuket, Thailand, for allegedly orchestrating cyberattacks on over 1,000 victims worldwide and extorting $16 million. Swiss authorities initiated the request for their arrest and extradition, citing attacks on 17 Swiss companies from April 2023 to October 2024. During raids across four locations, police seized laptops, smartphones, and cryptocurrency wallets. Additionally, 8Base’s dark web negotiation and data leak sites were taken offline. Investigators say the group employed the Phobos encryptor, appending .8base or .eight to compromised files.

  • Lee Enterprises Faces Major Cyberattack, Disruption to Newspaper Production - Lee Enterprises, a major newspaper publisher operating in 77 markets in the US, recently suffered a cyberattack that disrupted its printing and e-edition services. The incident reportedly affected production schedules and online access for various publications, prompting Lee to launch an internal investigation. While details remain limited, the company has implemented contingency plans, including manual workarounds, to restore operations. No evidence has surfaced indicating subscriber or employee data was compromised, but security teams are continuing to assess the full scope of impact. Lee Enterprises has not disclosed the attack vector or identified any vulnerabilities.

  • Kraken Ransomware Gang Targets Cisco: Windows AD NTLM Hashes Dumped - Cisco has reportedly suffered a breach, with sensitive internal Windows Active Directory credentials leaked online by the Kraken ransomware group. The dataset contains usernames, SIDs, and NTLM password hashes, as well as privileged domain controller and administrator accounts, suggesting deep network infiltration. Attackers likely employed credential-dumping tools like Mimikatz or pwdump to collect login information. With these hashes exposed, threat actors can escalate privileges, move laterally, and potentially deploy ransomware. While Cisco has not officially confirmed the incident, investigators warn that persistent access could enable further attacks, underscoring the need for immediate password resets and enhanced security controls.

  • Massive 2.8 Million IP Brute-Force Attack Threatens Global VPN Access - In early December, a sophisticated brute-force campaign bombarded VPN endpoints with login attempts from over 2.8 million unique IP addresses, aiming to exploit weak or default credentials for unauthorised access. Security researchers noted attacks targeting popular services like OpenVPN and various enterprise VPN platforms. By automating credential stuffing, attackers rapidly tested thousands of username-password combinations. The threat underscores the importance of limiting VPN access, robust password hygiene, multi-factor authentication, and strict login attempt monitoring. Although no specific CVEs were referenced, experts warn that compromised VPN credentials could facilitate network infiltration, data theft, and lateral movement across enterprise environments.

  • High-Severity CVE-2025-0994 Found in Trimble Cityworks Public Asset Management Software - A newly disclosed vulnerability, CVE-2025-0994, affects Trimble Cityworks, a platform widely used by government organisations for asset management and permitting. Researchers discovered that attackers could exploit an authentication flaw to gain unauthorised access, potentially leading to data exposure or remote code execution. Trimble has acknowledged the high-severity issue (CVSS Score of 8.6) and is expected to release a security patch soon. Administrators are strongly advised to apply available mitigations, restrict external access to Cityworks interfaces, and monitor logs for unusual activity. Until an official fix is available, organisations should prioritise implementing best practices to minimise the risk of compromise.

